squad-review

SUSPICIOUS: the skill's purpose is coherent, and its local git/GitHub usage is consistent with code review, but it combines untrusted PR content with six parallel subagents granted full tool access. That makes the main risk prompt-injection and overbroad execution scope, not malware or credential theft.